How does it map to industry security standards?

The skill maps tools and activities directly to the OWASP DevSecOps Guideline and specific CWE (Common Weakness Enumeration) identifiers for compliance.

What security tools does this skill cover?

It provides data for over 15 tools including Gitleaks, Semgrep, Trivy, Hadolint, tfsec, Checkov, OWASP ZAP, and Nuclei.

Can it help with CI/CD configuration?

Yes, it provides specific YAML snippets for integrating security tools into GitHub Actions and other pipeline environments.

Does it support Japanese language queries?

Yes, the skill is optimized for both English and Japanese terminology such as 'セキュリティゲート' (Security Gate) and '静的解析' (Static Analysis).

DevSecOps Guideline Lookup

Name: DevSecOps Guideline Lookup
Author: naporin0624

bynaporin0624

•

セキュリティとテスト

Provides comprehensive guidance on DevSecOps phases, security tools, and CI/CD integration patterns based on OWASP standards.

概要

This skill empowers developers and security engineers to implement robust security practices within their CI/CD pipelines by providing instant access to the OWASP DevSecOps Guideline. It offers detailed technical references for over 15 industry-standard security tools—including Semgrep, Gitleaks, and Trivy—covering installation commands, usage examples, CWE mappings, and ready-to-use GitHub Actions integration snippets for every phase of the software development lifecycle.

主な機能

Access ready-to-use CI/CD integration patterns for GitHub Actions
Map Common Weakness Enumerations (CWE) to specific security checks
2 GitHub stars
Reference 15+ security tools across all pipeline phases
Identify appropriate tools for SAST, DAST, SCA, and IaC security
Navigate DevSecOps activities from pre-commit to production monitoring

ユースケース

Setting up a secret scanning workflow using Gitleaks in a pre-commit hook
Finding the right tool and configuration for container security scanning in a build pipeline
Mapping specific security vulnerabilities (CWE) to the correct automated mitigation tool

概要

主な機能

Access ready-to-use CI/CD integration patterns for GitHub Actions
Map Common Weakness Enumerations (CWE) to specific security checks
2 GitHub stars
Reference 15+ security tools across all pipeline phases
Identify appropriate tools for SAST, DAST, SCA, and IaC security
Navigate DevSecOps activities from pre-commit to production monitoring

ユースケース

Setting up a secret scanning workflow using Gitleaks in a pre-commit hook
Finding the right tool and configuration for container security scanning in a build pipeline
Mapping specific security vulnerabilities (CWE) to the correct automated mitigation tool